Fake Flash, fake money, real malware

Stop us if you'd heard this one before: but unsolicited Flash download pages on random sites can be a bit dodgy.

Palo Alto Networks says it has found one variant of the old fake Flash attack utilizing a new trick to turn a quick buck: crypto mining. Palo Alto says that this new trick actually includes a real copy of Flash, but also covertly installs a small mining script that utilizes the victim's PC to make some funbux from Monero.

It's telling that, despite the payloads becoming more stealthy and sophisticated, the old techniques for duping people into installing malware are just as effective nearly two decades on.

Azure Confidential promises not to tell anyone about those files

Microsoft has launched a new flavor of Azure aimed at those who want their data encrypted at every turn.

Azure Confidential will look to offer subscriber's VMs that run on encrypted hardware, as well as encrypted storage and data transmissions. The hardware is what's new here, as Microsoft is plugging the new boxes into the US East Coast and Europe West datacenters.

"Years of work with our silicon vendors have allowed us to bring application isolation technology to hardware in our datacenters to support this new VM family," Microsoft says of the new hardware.

"While these virtual machines may ‘look and feel’ like standard VM sizes from the control plane, they are backed by hardware-based Trusted Execution Environments (TEEs), specifically the latest generation of Intel Xeon Processors with Intel SGX technology."

Senators give Google the dreaded 'sternly worded letter'

In what we are sure is an entirely legitimate concern for privacy and information security, and not just a partisan hack job on the current popular political boogeyman, Republican Senators are quite anxious for Google to explain its vulnerability disclosure policies.

Among their questions: when did Google know about the issue? Does it have any evidence of misuse or plans to respond if misuse is found? Did Google disclose the issue to its independent assessor? Would Google discern between paying and non-paying customers when deciding who to notify about data loss?

'Oh Canada, should Huawei gear be banned?'

The US government has made no secret of its distrust for for Huawei and fears that the Chinese telco was just a bit too close with the government in its home country. Now, US lawmakers want their neighbor to the North to follow suit.

In a letter to Canadian PM Justin Trudeau, Senators Mark Warner (D-VA) and Marco Rubio (R-FL) urged Canada to ban all Huawei networking gear from its planned 5G networks.

The worry, say the duo, is that the Chinese government will convince Huawei to put backdoors and monitoring gear into the hardware, then use those points to intercept and spy on communications both within Canada and those going into the US.

It remains to be seen whether Trudeau will take the advice to heart.

Google puts Outline online

Google's open source branch says it has released Outline, a tool that will allow companies to set up and maintain their own VPNs. The VPN is delivered as a Docker image that can be opened up to run on the DigitalOcean cloud.

The aim, said Google, was to give journalists and those worried about surveillance a reliable, secure connection.

"Censorship and surveillance are challenges that many journalists around the world face on a daily basis," Google said.

"Some of them use a virtual private network (VPN) to provide safer access to the open internet, but not all VPNs are equally reliable and trustworthy, and even fewer are open source."

Army ups offers for infosec specialists

Believe it or not, but the US Army hasn't always been seen as the coolest of organizations in the hacking community.

Now, looking to bolster the ranks of its tech-savy units, the Army says it will be commissioning officers into is cyber security programs with the rank of colonel.

The big reason for this is pay grade; FCW notes that a colonel makes $78,000-$100,000 base pay a year, compared to $43,000-$60,000 for lieutenants. By upping the pay grade, the Army is going to be better able to keep pace with what the private sector is offering when it comes to getting (and keeping) talent.

And finally

And Booz Allen Hamilton – the technology consultants that Edward Snowden worked for when he walked off with top-secret US government intelligence documents – was over this summer awarded a $1bn cybersecurity contract with, er, the US government. ®